AI × cybersecurity projects you can have an AI assistant build for you and run on NAIRR /
Jetstream2 — written as strong, reusable prompts.
This page is also a short lesson in prompting. The single biggest factor in whether an AI builds
something that works on the first try is the quality of your request. Below is a reusable prompt
built with CRAFT — Context, Role, Action, Format, Tone — that bakes in the habits that make
results reliable.
6 habits of a prompt that works the first time
Give it a role and context. "You are an expert Python educator… I teach on Jetstream2" beats a cold request.
Be specific about the output and where it runs. One self-contained notebook, installs first, runs on a fresh Jetstream2 instance.
Define "done." Say it must run end-to-end with no errors and use reliable public data (and name a fallback if a source might be down).
Let it ask, don't make it guess. Tell it to interview you first — your class, size, level, and background — since those change everything.
Ask it to state its assumptions before coding, so you can correct course early.
Iterate. It's a conversation: "make it simpler," "add a chart," "explain that error." The first draft is a starting point.
✗ Weak prompt
make me a phishing detector notebook in python
The AI has to guess everything — the students' level, where it runs, the dataset (which may 404), whether to explain anything. You'll likely get something that doesn't run on Jetstream2 and isn't teachable.
✓ Strong prompt (CRAFT)
Context + Role + a specific Action + Format (self-contained, runs on Jetstream2, no errors, reliable data) + Tone — and "interview me first."
The AI knows who it's for, what to produce, where it runs, and what "done" means — and it asks about your class before writing a line. Far more likely to work and to teach well. (Full template below.)
① The CRAFT prompt (copy this once)
C — Context, R — Role, A — Action, F — Format, T — Tone
Context: I'm an educator using NAIRR's Jetstream2 (a cloud Jupyter environment) to teach AI for cybersecurity, and I'm not necessarily a strong programmer.
Role: Act as an expert Python educator and instructional designer who writes clear, well-commented teaching notebooks that run correctly the first time.
Action: [PASTE ONE OF THE ACTIONS BELOW]
Format: Produce ONE self-contained Jupyter notebook for a fresh Jetstream2 instance:
- put all pip installs in the first cell;
- use only well-known public datasets/models, and if one might be unavailable pick a reliable alternative and say which;
- auto-detect whether a GPU is present and adapt; keep models small enough for a NAIRR allocation;
- add a plain-language markdown explanation before every code cell;
- it must run end-to-end with NO errors, and handle a missing file or download gracefully;
- finish with a hands-on "your turn" cell. Tell me if it needs a GPU instance.
Tone: Friendly and beginner-accessible; define any jargon in plain words.
Before writing ANY code: (1) interview me — ask what course this is for, how many students, their year/level, and their prior coding and machine-learning experience; (2) briefly state the assumptions you'll make. Then wait for my answers before building.
② Then pick an idea and paste its Action into the [PASTE ONE OF THE ACTIONS BELOW]
line. Green = runs on a basic CPU instance; red = worth a GPU.
CPU: Runs on a basic instance (no GPU needed)
Classic machine learning and small models — fine on the default m3.quad.
Phishing email detector
Train a classifier, then paste an email to score it.
Build a notebook that trains a phishing-email classifier on a public labeled dataset, reports its accuracy with a confusion matrix, and ends with a cell where I paste any email and see its phishing probability plus the words that most influenced the decision.
Log anomaly detection
Flag unusual login events in server logs.
Build a notebook that loads sample authentication logs, uses an Isolation Forest to flag anomalous login events, and visualizes the anomalies on a timeline with the suspicious entries listed in a table.
Intrusion detection (classic dataset)
Classify benign vs. attack network traffic.
Build a notebook that uses the NSL-KDD intrusion-detection dataset to train and compare two or three classifiers, showing accuracy, a confusion matrix, and which features matter most.
Malware classification (static features)
No live malware — features only.
Build a notebook that classifies files as malware or benign from a public static-features dataset (no live malware), reports accuracy, and explains the top features driving the prediction.
CVE triage & clustering
Group and prioritize vulnerability write-ups.
Build a notebook that loads a set of CVE vulnerability descriptions, groups them into themes with clustering, and highlights which ones appear most severe, with a chart.
IOC / threat-intel extractor
Pull indicators out of unstructured reports.
Build a notebook that extracts indicators of compromise (IP addresses, domains, file hashes, CVE IDs) from a pasted threat-intelligence report into a clean, downloadable table.
Password security analysis (educational)
Teach why length beats complexity.
Build a notebook that analyzes patterns in a public leaked-password dataset — length, character types, entropy — and estimates crack times to teach students why password length beats complexity.
SOC log dashboard
Turn raw logs into visuals.
Build a notebook that turns a server log file into a simple dashboard: failed logins over time, the top source IP addresses, and a map of where the requests came from.
GPU: Worth spinning up a g3 / g4 / g5
Deep learning and language models — show off what NAIRR's bigger resources unlock.
Local LLM as a SOC analyst assistant
Explains logs, summarizes CVEs, drafts reports.
Build a notebook that runs a small open-source LLM locally and acts as a security analyst assistant — I paste a log snippet or alert and it explains what likely happened and suggests next steps.
Fine-tune a transformer for security text
Adapt a small model to your data.
Build a notebook that fine-tunes a small transformer to classify security messages as malicious or benign, and reports accuracy before and after fine-tuning.
Build a notebook that demonstrates a prompt-injection attack against a local LLM and then shows defensive techniques that detect or block it, framed for classroom discussion.
AI-generated text detection
Human vs. machine-written.
Build a notebook that distinguishes AI-generated text from human-written text and shows, for each example, how confident the model is and why.
Deep-learning intrusion detection
Autoencoder learns "normal," flags the rest.
Build a notebook that trains an autoencoder on normal network traffic so it can flag anomalies as high reconstruction error, with a chart students can interpret.
Malware-as-image classification
Binaries → images → CNN.
Build a notebook that converts malware byte sequences into grayscale images and trains a small CNN to classify malware families, showing example images.
Threat hunting with embeddings (semantic search / RAG)
Search incidents by meaning.
Build a notebook that creates embeddings for a set of incident reports, lets me search them by meaning, and answers natural-language questions about past incidents.
Adversarial examples on an image model
How tiny tweaks fool a classifier.
Build a notebook that generates adversarial examples which fool an image classifier, displaying the original and perturbed images side by side with the model's predictions.
★ Tie-in to AI Horizon
On the theme of how AI is reshaping the cybersecurity workforce.
"Which security tasks will AI automate?"
Classify tasks: created / replaced / augmented / human.
Build a notebook that takes a list of cybersecurity job tasks and uses an LLM to label each as likely to be automated by AI, augmented by AI, or human-driven, with a short rationale and a summary chart.
The point for your audience: the skill isn't coding — it's asking well. A CRAFT prompt that
makes the AI interview you first turns "I'm not a programmer" into "I just described what I wanted and it built it."